Instructions to use exploitintel/cve-cwe-gemma4-12b with libraries, inference providers, notebooks, and local apps. Follow these links to get started.

Libraries

How to use exploitintel/cve-cwe-gemma4-12b with Transformers:

# Use a pipeline as a high-level helper
from transformers import pipeline

pipe = pipeline("text-generation", model="exploitintel/cve-cwe-gemma4-12b")
messages = [
    {
        "role": "user",
        "content": [
            {"type": "image", "url": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/p-blog/candy.JPG"},
            {"type": "text", "text": "What animal is on the candy?"}
        ]
    },
]
pipe(text=messages)

# Load model directly
from transformers import AutoProcessor, AutoModelForImageTextToText

processor = AutoProcessor.from_pretrained("exploitintel/cve-cwe-gemma4-12b")
model = AutoModelForImageTextToText.from_pretrained("exploitintel/cve-cwe-gemma4-12b")
messages = [
    {
        "role": "user",
        "content": [
            {"type": "image", "url": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/p-blog/candy.JPG"},
            {"type": "text", "text": "What animal is on the candy?"}
        ]
    },
]
inputs = processor.apply_chat_template(
	messages,
	add_generation_prompt=True,
	tokenize=True,
	return_dict=True,
	return_tensors="pt",
).to(model.device)

outputs = model.generate(**inputs, max_new_tokens=40)
print(processor.decode(outputs[0][inputs["input_ids"].shape[-1]:]))

Notebooks
Google Colab
Kaggle
Local Apps Settings

vLLM

How to use exploitintel/cve-cwe-gemma4-12b with vLLM:

Install from pip and serve model

# Install vLLM from pip:
pip install vllm
# Start the vLLM server:
vllm serve "exploitintel/cve-cwe-gemma4-12b"
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:8000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-gemma4-12b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker

docker model run hf.co/exploitintel/cve-cwe-gemma4-12b

SGLang

How to use exploitintel/cve-cwe-gemma4-12b with SGLang:

Install from pip and serve model

# Install SGLang from pip:
pip install sglang
# Start the SGLang server:
python3 -m sglang.launch_server \
    --model-path "exploitintel/cve-cwe-gemma4-12b" \
    --host 0.0.0.0 \
    --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-gemma4-12b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Use Docker images

docker run --gpus all \
    --shm-size 32g \
    -p 30000:30000 \
    -v ~/.cache/huggingface:/root/.cache/huggingface \
    --env "HF_TOKEN=<secret>" \
    --ipc=host \
    lmsysorg/sglang:latest \
    python3 -m sglang.launch_server \
        --model-path "exploitintel/cve-cwe-gemma4-12b" \
        --host 0.0.0.0 \
        --port 30000
# Call the server using curl (OpenAI-compatible API):
curl -X POST "http://localhost:30000/v1/chat/completions" \
	-H "Content-Type: application/json" \
	--data '{
		"model": "exploitintel/cve-cwe-gemma4-12b",
		"messages": [
			{
				"role": "user",
				"content": "What is the capital of France?"
			}
		]
	}'

Docker Model Runner
How to use exploitintel/cve-cwe-gemma4-12b with Docker Model Runner:
```
docker model run hf.co/exploitintel/cve-cwe-gemma4-12b
```
Browse Quantizations to use this model in llama.cpp, Ollama, LM Studio, or any compatible app.

cve-cwe-gemma4-12b

A Gemma 4 12B fine-tune that maps a CVE description to its CWE ID(s).

📖 Write-up: From Essays to CWE-319 — how this fine-tune beats stock Gemma 4 at CWE classification

Input: a free-text vulnerability description (text only).
Output: the CWE ID(s) it maps to, comma-separated — e.g. CWE-79 or CWE-89, CWE-352.
Label space: MITRE CWE View-1003 (~117 weakness classes). Multi-label.

This is the merged 16-bit (bf16) model for transformers / vLLM / TGI. Quantized GGUFs for Ollama and llama.cpp are at exploitintel/cve-cwe-gemma4-12b-GGUF.

Results

Held-out test split (exploitintel/cve-cwe-consensus, 10,514 examples), greedy decoding, description-only (no CVE-ID or label metadata in the prompt). Rows are split into easy (the weakness is named in the text) vs hard (it must be inferred).

metric	this model (bf16)	v1 baseline*
exact-match	0.714	0.29
micro-F1	0.756	0.32
macro-F1	0.538	0.067
easy exact-match	0.805	—
hard exact-match	0.644	—

* v1 baseline = a 1-epoch Gemma-4-E4B fine-tune. The headline gain is macro-F1 (the rare-CWE long tail), which improves ~8×; hard (must-infer) exact-match of 0.644 is close to easy (0.805), indicating the model genuinely infers weaknesses rather than only keyword-matching.

Usage

Requires transformers >= 5.10 (Gemma 4 is the gemma4_unified architecture).

import torch
from transformers import AutoModelForCausalLM, AutoTokenizer

model_id = "exploitintel/cve-cwe-gemma4-12b"
tok = AutoTokenizer.from_pretrained(model_id)
model = AutoModelForCausalLM.from_pretrained(model_id, dtype="auto", device_map="auto").eval()

cve = ("A vulnerability in the login form allows remote attackers to execute "
       "arbitrary SQL commands via the username parameter.")
messages = [
    {"role": "system", "content": "You are a vulnerability analyst. Given a CVE "
     "description, reply with only the CWE ID(s) it maps to, comma-separated."},
    {"role": "user", "content": cve},
]
prompt = tok.apply_chat_template(messages, tokenize=False, add_generation_prompt=True)
inputs = tok(prompt, return_tensors="pt").to(model.device)
out = model.generate(**inputs, max_new_tokens=32, do_sample=False)
print(tok.decode(out[0, inputs["input_ids"].shape[1]:], skip_special_tokens=True))
# -> CWE-89

Training

Base: unsloth/gemma-4-12b-it (4-bit QLoRA, bitsandbytes nf4).
Method: LoRA (r=16), 3 epochs, context length 512, full-sequence SFT.
Data: exploitintel/cve-cwe-consensus (train split, 50,074 examples).
Hardware: single NVIDIA RTX 5090; ~7.1 h wall, ~17 GB peak VRAM.
Trained with Unsloth.

Intended use & limitations

Intended use: triage assistance — suggesting candidate CWE mappings for a CVE description.
It is description-only: quality depends on how well the text describes the weakness. Vague descriptions yield weaker predictions (see the hard split).
It can predict CWEs outside the true set; treat outputs as suggestions, not authoritative classifications, and keep a human in the loop for security-relevant decisions.
Scope is MITRE View-1003; CWEs outside that view are not modeled.

License

Apache-2.0, inherited from the Gemma 4 base model.

Downloads last month: -

Safetensors

Model size

12B params

Tensor type

BF16

Model tree for exploitintel/cve-cwe-gemma4-12b

Base model

google/gemma-4-12B

Finetuned

google/gemma-4-12B-it

Finetuned

unsloth/gemma-4-12b-it

Finetuned

(3)

this model

Quantizations

1 model

exploitintel
/

cve-cwe-gemma4-12b

cve-cwe-gemma4-12b

Results

Usage

Training

Intended use & limitations

License

Model tree for exploitintel/cve-cwe-gemma4-12b

Dataset used to train exploitintel/cve-cwe-gemma4-12b